PKI Blog

As PKI practitioners, we’ve been asked the question for years: “What’s the best way to get a digital certificate on _____?” What gets filled into the blank has expanded dramatically over time, however. Ten years ago, certificates landed primarily on what I’d describe as “traditional” IT infrastructure – servers, desktops, laptops, smart cards, RADIUS servers, or VPN concentrators. But since then, things have gotten much more interesting. Handheld scanners. Surgical robots. VOIP phones. Set-top boxes. Cable modems. Even heart monitors and IV pumps.

Recently I worked on a customized self-service password reset (SSPR) solution leveraging FIM 2010 R2. The SSPR functionality provided out of the box by FIM 2010 R2 is quite comprehensive. In the design sessions with the customer, they decided that they wanted to use a higher level of security for users on the Internet to be able to reset their passwords. This certainly makes sense—exposing an interface where corporate users can reset their passwords is a boon to the service desk, but introduces a significant threat surface and associated security risk.

Last week a user reported having reset his password, but it hadn’t changed in the connected HR system.

As this is an indication that the Password Change Notification Service (PCNS) wasn't working, I checked the Event Viewer on the Synchronization Engine server. While I saw several Event IDs indicating that heartbeats were being received from the DCs, there were no Event ID 6903 entries for the past several hours. 6903 is the event that indicates a password notification was received from PCNS.

An ITIL implementation in your organization can be confusing. This section explains exactly why we implement ITIL for our services and processes. In Continual Service Improvement (CSI), we have a couple of different models that we need to know: the Seven Step Continual Improvement Model and the Deming Model. Our ultimate goal is to continually improve our services. You may ask…why are we implementing ITIL? Why are we shooting for perfection?

A client recently requested the ability to use data in an externally-generated file to perform batch attribute updates for Users in the FIM Service. What made this more complicated than expected was that some of the user attributes, for example Manager, were FIM references.

At first, this question might seem like an apples vs. oranges situation. We’ll find out that in some cases it’s not, and that making the best strategic choice for your needs depends on a number of factors.

A leader in the educational software market was developing a custom MDM solution enabling a Bring Your Own Device (BYOD) initiative for the classroom when their developers realized their need for an underlying security and Public Key Infrastructure (PKI). Purchasing individual certificates was out of the question, since their solution required very high certificate volume, and they were reluctant to roll out their own PKI, as reliability and high assurance were key requirements to meet their growing customer base. The customer engaged CSS after realizing that operating a full-scale PKI was simply out of their wheelhouse.